Information Age Trends

• INFORMATION has become the Primary Capital (Human Intelligence & Intellectual Capital)

• Instant Global Communications & Networking have Profound Consequences

• Public & Private Institutions and markets will be transformed

• National Boundaries are increasingly irrelevant

• Traditional Power & Perquisites of Sovereignty are Disappearing (In govt and private organizations)

• Vulnerability of Networked Information has increased
Data Protection
Yesterday & Today

Data in Motion

Data in Motion AND at Rest

How Vulnerable Are We?

• Massive Networking makes the U.S. the World’s Most Vulnerable Target for Information Attack

- Exploitation (Passive)

- Disruption of Network Infrastructure (Theft-Destruction)

• U.S. has Orders of Magnitude More To Lose than other nations

• Reliance on Unprotected Networks carries Risk of Military Failure, Catastrophic Economic Loss, Damage to Critical Infrastructures
Evolving Defense Environment

Risk Equation

Vulnerabilities x Threats

Threat Awareness
Past/Present/Future

• Govt/Media Reports of Vulnerabilities 1993-96

• PDD-35, PDD-39 (Intelligence Priorities/Counter-Terrorism)

• Executive Order (EO) 13010 (PCCIP)

• Economic Espionage Act 1996

• Defense Science Board (DSB) IW-D Report - Nov 96

• Executive Order (EO) 13026 - Nov 96 (Encryption Policy)

• Senate Secrecy Commission - Mar 97

• Presidential Commission (PCCIP) Recommendations Oct 97

• PDD-63 (Critical Infrastructure Assurance) - May 98

• National Infrastructure Assurance Plan - May 2000
Infrastructure Assurance Timeline ...

[Figure: timeline with year marks 1995, 1996, 1997, 1998. Labels recovered from the figure, in no reliable order: PDD-39 Issue; OK Bomb; CIWG; EO 13010; PCCIP Formed; IPTF & CITAC; Eligible Receiver; Encryption Policy Debate; PCCIP Report; Solar Sunrise; PDD-62; PDD-63; FBI IPC Plan; DoD Plan; National Coordinator; CIAO; NIPC; DTIC’s IATAC Stood-up; Infrastructure Protection Initiatives]

AFCEA_NJ  (9/98)  8 


PDD 63

Vulnerability & President’s Intent

• President’s Recognition of “Growing Potential Vulnerability”

- Critical Infrastructures linked and interdependent

- U.S. heavily reliant upon networked systems

- Cyber threat is real

• President’s Intent: “U.S. will take all necessary measures...”

- To eliminate any significant vulnerability to U.S. physical or cyber attacks on our critical infrastructures
PDD-63 Organization

PDD 63

Public-Private Partnership

• Since critical infrastructures are a mix of public-private stakeholders, elimination of potential vulnerability requires closely coordinated effort between public and private sector

- To succeed, must be “genuine, mutual and cooperative”

- Avoid, where feasible, increased government regulation and unfunded mandates

- Appoint Sector Liaison to work with private industry Sector Coordinator
PDD-63

Every Department / Agency ...

• Shall be responsible for protecting its own critical infrastructures

• CIO will be responsible for Information Assurance

• Shall appoint a Critical Infrastructure Assurance Officer (CIAO) responsible for protection of all the other aspects of that department’s critical infrastructure

• Develop a plan for protecting its own critical infrastructure, no later than 180 days from the PDD
PDD 63

National Infrastructure Protection

• By 2003 achieve ability to protect nation’s critical infrastructures from intentional acts that would diminish the ability of:

- The Fed govt to perform essential national security missions and ensure the public health and safety

- State & Local governments to maintain order and to deliver minimum essential public services

- The Private Sector to ensure the orderly functioning of the economy & the delivery of essential telecomm, energy, financial, and transportation services
PDD-63
Task Areas

• Vulnerability Analyses
• Remedial Plan
• Warning
• Response
• Reconstitution
• Education & Awareness
• Research & Development
• Intelligence
• International Cooperation
• Legislative & Budgetary Requirements

PDD-63 Requirements


CEA 


“At  the  end  of  the  day, 




• Vulnerabilities

- Real but not Widely Recognized

- Governments Just Beginning to Focus

- Industry is Not Focused on this issue

• Threat

- Real, but Difficult to Quantify

- Government is Changing Focus from Traditional Threat to Information Age Threat

- Industry Barely in the Acceptance Stage

• Risks Exist But

- Understood by Only a Small number of People

- Government - Still Trying to Define

- Industry - Nowhere near Consensus